Election/Restrictions

1. Applicant's election without traverse of Group I (Claims 1-45) in the reply filed on
January 14, 2009 is acknowledged. 



Drawings 

2. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4)
because reference character "18" has been used to designate both a not necessarily 
secure e-mail client in Fig. 1 and a secure e-mail client in Fig. 2, reference character 
"22" has been used to designate both a sender in Fig. 1 and a receiver in Figs. 2-3, and 
reference character "24" has been used to designate both a receiver in Fig. 1 and a 
sender in Figs. 2-3. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are
required in reply to the Office action to avoid abandonment of the application. Any 
amended replacement drawing sheet should include all of the figures appearing on the 
immediate prior version of the sheet, even if only one figure is being amended. Each 
drawing sheet submitted after the filing date of an application must be labeled in the top 
margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If
the changes are not accepted by the examiner, the applicant will be notified and 
informed of any required corrective action in the next Office action. The objection to the 
drawings will not be held in abeyance. 

3. The drawings are objected to because text labels are necessary for the 
applicant's drawings to be understood. Figures 1-4 contain rectangular boxes whose 
meanings are unclear instead of conventional drawing symbols whose meanings are 
readily apparent, such as the circuit elements that represent resistors, capacitors, or
inductors. The examiner respectfully points the applicants to 37 CFR 1.84(n) and
1.84(o), which state, "Graphical drawing symbols may be used for conventional
elements when appropriate," while "[o]ther symbols which are not universally 
recognized may be used, subject to approval by the Office," and that "[s]uitable 
descriptive legends may be used subject to approval by the Office, or may be required 
by the examiner where necessary for understanding of the drawing." Accordingly, the 
rectangular boxes require text labels necessary for understanding of the drawings. 
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to
the Office action to avoid abandonment of the application. Any amended replacement 
drawing sheet should include all of the figures appearing on the immediate prior version 
of the sheet, even if only one figure is being amended. Each drawing sheet submitted 
after the filing date of an application must be labeled in the top margin as either 
"Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are 
not accepted by the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not be held 
in abeyance. 

Claim Objections 

4. Claim 1 is objected to because of the following informalities: claim 1 recites "a 
key container by a key container directory," on page 2 line 4 and "a key container to the 



Application/Control Number: 10/594,986 Page 4 

Art Unit: 2431 

requestor," on page 2 line 8; it is unclear whether the recited claim limitations are
intended to refer to the same key container. Appropriate correction is required. 

5. Claim 6 is objected to because of the following informalities: claim 6 recites "a 
key container for each gateway," on page 2 line 27 and claim 6 depends from 
independent claim 1, which recites "a key container by a key container directory," on
page 2 line 4 and "a key container to the requestor," on page 2 line 8; it is unclear
whether the recited claim limitations are intended to refer to the same key container. 
Appropriate correction is required. 

Claim Rejections - 35 USC §112 

6. The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

7. Claims 2, 4, 12-14, 18, and 22 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

8. Claims 2 and 4 recite the phrase "such as," which renders the claim indefinite
because it is unclear whether the limitations following the phrase are part of the claimed 
invention. See MPEP § 2173.05(d). 

9. Claims 12, 14 and 18 recite the limitations "if so," yet no limitation is provided for 
"if not." This issue is raised because the "if" conditional, by its very nature, exhibits
alternative steps in the event the "if" conditional fails; the alternative step(s) may, or may
not, be limited to not performing any step(s). Accordingly, the metes and bounds of the
claim have not been clearly established. To remediate this issue, applicant must 
remove the conditional or include the alternative step(s) when the conditional fails. 

10. Claim 13 recites the limitation "if not," yet no limitation is provided for "if so." This 
issue is raised because the "if" conditional, by its very nature, exhibits alternative steps
in the event the "if" conditional succeeds; the alternative step(s) may, or may not, be
limited to not performing any step(s). Accordingly, the metes and bounds of the claim
have not been clearly established. To remediate this issue, applicant must remove the 
conditional or include the alternative step(s) when the conditional fails. 

11. Claim 22 recites the limitation "the step of determining is based on the
information provided" in page 4 line 28. Neither claim 22 nor claims 21 and 1 recite
performing a determining step; therefore, there is insufficient antecedent basis for this
limitation in the claim.



Claim Rejections - 35 USC § 102 

12. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

13. Claims 1-21, 24-30, and 33-45 are rejected under 35 U.S.C. 102(e) as being
anticipated by Bandini et al. (US 2008/0270789). 
Regarding Claims 1, 9-10, 30, 33:

Bandini discloses a method of providing a key container ("Digital Certificates" 
See paragraphs 41 and 44) by a key container directory ("Certificate Lookup Server" 
See fig. 12 ref. no. 1210 and paragraphs 58-59), the key container to be used to secure 
a message that will be sent from a sender to a recipient ("Encryption/signature and/or 
decryption/verification of messages between transmitting and receiving sites" See figs.
5(a)-5(c) and paragraphs 43-46), receiving a request for the key container from a 
requestor ("The e-mail firewall submits the e-mail address of the recipient or the domain 
of the recipient's e-mail to the certificate lookup and verification server and optionally 
submitting a description of the policy requirements, or preferences, for the certificates." 
See paragraph 65 and "Client 508.1 provides encryption/decryption services to allow 
messages to be transmitted securely through server 506 by supporting 
encryption/decryption services." See paragraph 45), and in response to the request 
providing a key container to the requestor that contains a cryptographic key of a 
gateway that the message will transmit ("The response, which includes a sorted list of 
one or more certificates is returned by the certificate lookup and verification server to 
the security manager of the e-mail firewall." See paragraph 65) and an address of the 
sender or the recipient ("Identification of the other S/MIME server through directory 
domain records, association of directory domain records with server certificates and 
selection of encryption/signature algorithms and key length." See paragraph 44 and 
"Identification of the client 508.1 through directory user records with user certificates
and selection of encryption/signature algorithms and key length." See paragraph 45). 
Regarding Claims 2-3 and 44: 

Bandini discloses the key container directory is remote from the gateway and 
external to the network domain of the recipient ("An external certificate lookup server 
1210 is employed to provide security data, including certificate data to e-mail firewalls."
See fig. 12 ref. no. 1210 and paragraph 58). 
Regarding Claim 4: 

Bandini discloses the message is transmitted from the sender over an insecure 
computer network ("Internet" See fig. 5(a)-5(c) ref. no. 104). 
Regarding Claim 5: 

Bandini discloses the network domain of the recipient is secure ("A first plurality 
of user computers 1208 is coupled to a first firewall 1202 by a local connection. In one 
embodiment the local network connection between the user computers 1208 and the
e-mail firewall 1202 is a secure private network, as is known in the art." See fig. 12 ref.
nos. 1202, 1208, and paragraph 58). 
Regarding Claim 6: 

Bandini discloses providing a key container having a key container for each 
gateway that the message will transit ("The response, which includes a sorted list of one 
or more certificates is returned by the certificate lookup and verification server to the 
security manager of the e-mail firewall." See paragraph 65). 
Regarding Claim 7: 

Bandini discloses determining the identity of one or more gateways that the
message will transit ("Identification of the other S/MIME server through directory domain 
records, association of directory domain records with server certificates and selection of 
encryption/signature algorithms and key length." See paragraph 44). 
Regarding Claim 8: 

Bandini discloses the key container directory provides multiple key containers in 
the response to the request ("The response, which includes a sorted list of one or more 
certificates is returned by the certificate lookup and verification server to the security 
manager of the e-mail firewall." See paragraph 65). 
Regarding Claim 11: 

Bandini discloses determining what type of key container should be provided to 
the requestor ("Encryption is preferably performed by one of the following symmetric 
encryption algorithms: DES, Triple-DES, RC2, and other algorithms introduced by 
revisions of the S/MIME standard." See paragraph 41). 
Regarding Claims 12-13: 

Bandini discloses determining whether the requestor is the sender of the 
message and if so providing an encryption key container to the requestor ("The security 
manager 226 is accessing the recipient's or the e-mail firewall's public key." See 
paragraph 56). 
Regarding Claim 14: 

Bandini discloses determining whether the requestor is from the same domain as 
the gateway and if so, providing the encryption key container having the cryptographic
key of the requestor's gateway ("A message by client 508.2 to client 508.1 may be
encrypted when transmitted to server 105.1, decrypted by server 105.1 and subjected to 
appropriate actions by the policy managers. The message may then be encrypted for 
transmission to server 105.2 decrypted by server 105.2 and subjected to appropriate
actions by the policy managers, and encrypted for transmission to client 508.1 which 
decrypts the message." See fig. 5(c) and paragraph 46). 
Regarding Claim 15: 

Bandini discloses the requestor is the gateway and the request includes the 
address of the sender ("The e-mail firewall submits the e-mail address of the recipient or 
the domain of the recipient's e-mail." See paragraph 65). 
Regarding Claims 16 and 38-40: 

Bandini discloses that requesting the key container includes an indication that a
signing key container is requested ("The S/MIME protocol is well known and widely 
used and provides encryption and digital signatures." See paragraph 41). 
Regarding Claims 17-20: 

Bandini discloses the e-mail firewall determines if the e-mail message is such 
that a signature is added and an e-mail firewall policy refers to the e-mail message 
textual content, destination, source, and size, in determining whether a signature is 
required (See paragraph 55).
Regarding Claim 21: 

Bandini discloses the requestor authenticating with the key container directory
("The communication between the e-mail firewall and the certificate lookup and
verification server is preferably authenticated." See paragraph 66).
Regarding Claim 24: 

Bandini discloses once the request has been received generating the requested
key container ("The e-mail firewall submits the e-mail address of the recipient or the 
domain of the recipient's e-mail to the certificate lookup and verification server and 
optionally submitting a description of the policy requirements, or preferences, for the 
certificates. The certificate lookup and verification server responds by facilitating the 
lookup and verification according to its own policies or according to the policies 
submitted by the e-mail firewall." See paragraph 65). 
Regarding Claim 25: 

Bandini discloses the request is made using a Lightweight Directory Access 
Protocol ("The certificate lookup module preferably employs the Light-weight Directory 
Access Protocol to query the remote servers for certificates." See paragraph 61). 
Regarding Claim 26: 

Bandini discloses the key container contains a cryptographic key that is a public 
key ("E-mail firewalls provide key pair and public key certificate generation." See 
paragraph 44). 
Regarding Claim 27: 

Bandini discloses the key container is a digital certificate ("S/MIME
advantageously offers security services for authentication using digital certificates." See 
paragraph 41). 
Regarding Claim 28: 

Bandini discloses the key container is a Pretty Good Privacy public key ("It 
should be understood that other secure message protocols such as Pretty Good Privacy 
or Open PGP, as specified by the ITF working group may also be used.").
Regarding Claim 29: 

Bandini discloses the address contained in the key container is an e-mail 
address ("An e-mail from a company's CEO to the company's legal counsel by the 
domain of full e-mail address can be specified to require either encryption, signature, or
both." See paragraph 39) and the gateway is an e-mail gateway ("Mail Server" See figs. 
5(a)-5(c) and "E-mail Firewall" See fig. 12 ref. nos. 1202 and 1203). 
Regarding Claims 34-36 and 42: 

Bandini discloses encryption is preferably performed by one of the following 
symmetric encryption algorithms: DES, Triple-DES, RC2, and other algorithms 
introduced by revisions of the S/MIME standard (See paragraph 41). 
Regarding Claim 37: 

Bandini discloses the sender's address is from the same domain as the gateway 
("A first plurality of user computers 1208 is coupled to a first firewall 1202 by a local 
connection. In one embodiment the local network connection between the user 
computers 1208 and the e-mail firewall 1202 is a secure private network, as is known in
the art." See fig. 12 ref. nos. 1202, 1208, and paragraph 58). 
Regarding Claim 41:

Bandini discloses the key container includes information that permits a requestor 
to determine the authenticity and integrity of the key container ("When the source of 
digital certificates is not fully trusted, the security manager 226 first verifies the validity 
of the digital certificate before employing it to encrypt a message." See paragraph 56).
Regarding Claim 43: 

Bandini discloses the key container includes information about the key container 
directory that provided the key container ("The policy actions include verifying the 
signing certificate against a configurable list, verifying the digital certificate validity 
dates, verifying the key strength and algorithm allowed by the certificate, verifying the 
certificate usage, verifying the certificate chain, verifying that the root certificate is in a 
list of acceptable root certificate, and verifying that the certificate is not revoked." See 
paragraph 50). 
Regarding Claim 45: 

Bandini discloses the key container directory has a datastore of cryptographic 
keys that can be contained in any provided key container ("The certificate lookup server 
1210 preferably stores security data that is available to security processes in the 
firewalls 1202, 1203 for facilitating secure communications of e-mail messages over the 
public network 1204.") 

Claim Rejections - 35 USC § 103

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

15. Claims 22-23 are rejected under 35 U.S.C. 103(a) as being obvious over Bandini
et al. (US 2008/0270789) in view of Elliott et al. (US 6,335,927). 

Bandini discloses the above stated method for messaging security having the 
communication between the e-mail firewall and the certificate lookup and verification 
server authenticated (See paragraph 66). 

Bandini does not disclose the authentication is through the use of a valid 
username and password combination. 

Elliott discloses an authentication server that authenticates a user by checking a
user name and password against a database of valid user names and passwords (See 
col. 256 lines 10-32). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Bandini to include checking a user name and password against a 
database of valid user names and passwords such as that taught by Elliott in order to 
prevent unauthorized users from accessing the certificate lookup and verification server. 

16. Claims 31-32 are rejected under 35 U.S.C. 103(a) as being obvious over Bandini
et al. (US 2008/0270789) in view of Ishiguro (US 2003/0185399). 

Bandini discloses the above stated method for messaging security user key
containers ("Digital Certificates" See paragraphs 41 and 44). 

Bandini does not disclose the key container contains information that invalidates 
its use at a time in the future. 

Ishiguro discloses an information processing apparatus that uses public key 
certificates that have an expiration date of the public key certificate (See fig. 27 and
paragraph 204). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Bandini to include using an expiration date such as that taught by 
Ishiguro in order to allow secure e-mail privileges to be revoked through the use of 
temporarily valid digital certificates instead of permanently valid digital certificates. 

Conclusion 

17. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to BRETT SQUIRES whose telephone number is (571)
272-8021. The examiner can normally be reached on 9:30am - 6:00pm Monday -
Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

IBS/ 

/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2431 



